package com.ddf.publics.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


/**
 * Created by Zero on 2020-3-12 16:10
 */
//@EnableWebSecurity
public class BackstageSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    VerifyCodeFilter verifyCodeFilter;
    //授权
    @Override//链式编程
    protected void configure(HttpSecurity http) throws Exception {
        //首页所有人能访问
        //请求授权规则
        http.authorizeRequests()
                //叮叮在线
                .antMatchers("/specimens/*","/admin/advert","/admin/advert/**","/admin/toCouponManage","/admin/CouponManage")
                .hasRole("online")
                //叮叮普惠
                .antMatchers("/admin/audit/**","/admin/audit","/admin/debitList","/admin/intersetList","/admin/interset","/due/*")
                .hasRole("pratt")
                .antMatchers("/admin/index","/admin/")
                .hasAnyRole("online","pratt")
                .antMatchers("/admin/toLogin","/admin/login").permitAll()
                .anyRequest()
                //其他没有限定的请求，允许访问
                .permitAll()
                .and()
                //springSecurty使用X-Frame-Options防止网页被Frame
                .headers().frameOptions().disable();

        //formLogin()开启登录页
        http.addFilterBefore(verifyCodeFilter, UsernamePasswordAuthenticationFilter.class)
            .formLogin()
                .loginPage("/admin/toLogin")
                .usernameParameter("username")
                .passwordParameter("password")
                .loginProcessingUrl("/admin/toLogin")//登录表单form中action的地址，也就是处理认证请求的路径
                .defaultSuccessUrl("/admin/index")//登录认证成功后默认转跳的路径;
                .failureForwardUrl("/admin/toLogin-error");

        //开启记住我功能 cookie 默认保存两周
        http.rememberMe().rememberMeParameter("remember-me");
        //退出删除cookie
        http.logout().deleteCookies("JESSIONID","key");
        //退出路径 注销回登录
        http.logout().logoutUrl("/admin/logout").logoutSuccessUrl("/admin/toLogin");
        /* 添加验证码过滤器 */
        http.csrf().disable();//禁用了 csrf 功能
        //控制单个用户只能在服务器登录一次,同一个用户在其他地方登录将前一个剔除下线
        http.sessionManagement().maximumSessions(1).expiredUrl("/admin/toLogin");
    }

    //认证
    @Override//spring-boot 1.*密码不用加密 2.*的要加密
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //从内存中读取用户
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).
                withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("online","pratt")
                .and()
                .withUser("jose").password(new BCryptPasswordEncoder().encode("123456")).roles("online")
                .and()
                .withUser("zero").password(new BCryptPasswordEncoder().encode("123456")).roles("pratt");
    }
}
